We Claim: 



1 1 . A system of secure network connectivity between one or more users 

2 and at least one network server, comprising: 

3 at least one intelligent data carrier, issued to one user, wherein said 

4 intelligent data carrier comprises at least (i) one memory, adapted to store data, (ii) 

5 one input-output apparatus, adapted to input and output data, and (iii) one 

6 processor, adapted to process the data stored in said memory, wherein said 

7 intelligent data carrier is capable of connecting to a host computer device thereby 

8 transmitting data via said input-output apparatus over the network, and wherein 

9 said intelligent data carrier is adapted to establish a network identity for the user 

10 through an authentication and encryption scheme; and 



1 1 a dynamic datagram switch for dynamic allocation and swapping of 

12 datagrams for a multiplicity of applications in service to the one or more users. 

1 2. The system of claim 1, wherein said intelligent data carrier is 

2 mobile. 

1 3. The system of claim 1, wherein said intelligent data carrier is 

2 implemented with one of USB key, Compact Flash, Smart Media, Compact Disk, 

3 DVD, PDA, firewire device, and token device. 

1 4. The system of claim 1, wherein said authentication and encryption 

2 scheme comprises the following sequential steps: 

3 (a) a request being caused to forward from the intelligent data carrier to 

4 the network server that the intelligent data carrier be authenticated; 

5 (b) the network server presenting to the intelligent data carrier a 

6 plurality of authentication methods; 
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7 (c) the intelligent data carrier selecting one authentication method from 

8 said plurality through an event; 

9 (d) the network server sending the intelligent data carrier a demand, 

10 based on said selected method, for authentication data from the intelligent data 

1 1 carrier; , 

12 (e) the network server transforming said authentication data received 

13 from the intelligent data carrier into one or more data authentication objects, 

14 wherein each said data authentication object is a data vector object, capable of 

15 being analyzed using one or more classifiers; 

16 (f) the network server analyzing said data authentication objects, 

17 according to said one or more classifiers, thereby determining the result of the 

18 authentication; and 

19 (g) the network server sending said result to the intelligent data carrier, 

20 indicating a successful or failed authentication attempt. 

1 5. The system of claim 4, wherein said event in step (c) comprises at 

2 least one of a click of a mouse, a touch on a screen, a keystroke, an utterance, and 

3 a biometric measurement. 

l 6. The system of claim 4, wherein said demand in step (d) comprises at 



2 least one of a pseudo random and a true random code, wherein a pseudo random 

3 code is generated based on a mathematically pre-calculated list, and wherein a true 

4 random code is generated by sampling and processing a source of entropy outside 

5 of the system. 

1 7. The system of claim 6, wherein said randomization is performed 

2 with one or more random generators and one or more independent seeds. 
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1 8. The system of claim 4, wherein said analyzing in step (f) is 

2 performed based on one or more analysis rules. 

1 9. The system of claim 4, wherein said one or more analysis rule 

2 comprises classification according to the one or more classifiers of step (e). 

1 10. The system of claim 9, wherein said classification comprises speaker 

2 verification, wherein the data object vectors involve two classes, the target speaker 

3 and the impostor, wherein each class is characterized by a probability density 

4 function, and wherein the determining in step (f) is a binary decision problem. 

1 11. The system of claim 4, wherein said determining in step (f) 

2 comprises computing at least one of the sum, superiority, and probability from 

3 said one or more data vector objects, based on the one or more classifiers of step 

4 (e). 

1 12. The system of claim 12, wherein the sum is one of a superior and a 

2 random sum computed from the one or more data vector objects. 

1 13. The system of claim 4, wherein said one or more classifiers in step 

2 (e) comprise a super classifier derived from the more than one data vector objects. 

1 14. The system of claim 13, wherein said super classifier is based on 

2 physical biometrics, comprising at least one of voice recognition, fingerprints, 

3 handprints, blood vessel patterns, DNA tests, retinal or iris scan, and face 

4 recognition. 

1 15. The system of claim 13, wherein said super classifier is based on 

2 performance biometrics, comprising habits or patterns of individual behaviors. 

1 16. The system of claim 1, wherein said authentication and encryption 

2 scheme comprises symmetrical and asymmetrical multi-cipher encryption. 
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1 17. The system of claim 16, wherein said encryption uses at least one of 

2 output feedback, cipher feedback, cipher forwarding, and cipher block chaining. 

1 18. The system of claim 17, wherein the encryption is based on 

2 Advanced Encryption Standard (AES) Rijndael. 

1 19. The system of claim 1, wherein said authentication and encryption 

2 scheme implements Secure Key Exchange (SKE). 

l 20. The system of claim 19, wherein SKE employs a public key system. 

1 21. The system of claim 1 9, wherein SKE employs Elliptic Curve 

2 Cryptosystem (ECC) private keys. 

l 22. The system of claim 1, wherein the authentication and encryption 



2 scheme comprises at least one of a logic test adapted to validate that the intelligent 

3 data carrier has been registered with the server, a device test adapted to validate 

4 the physical parameters at the intelligent data carrier and the host computer device, 

5 and a personal test adapted to authenticate the user based on event-level data. 

1 23. The system of claim 1, wherein said multiplicity of applications 

2 comprises at least one of window-based remote terminal server applications, 

3 applications on 3270/5250 terminal emulators for mainframe, directly embedded 

4 applications, and multimedia applications, wherein the directly embedded 

5 applications comprise at least one of database applications, data analysis tools, 

6 Customer Relation Management (CRM) tools, and Enterprise Resource Planning 

7 (ERP) packages. 

1 24. The system of claim 1, wherein said dynamic datagram switch 

2 comprises a datagram schema and a parser, wherein said datagram schema 

3 comprises two or more datagrams, belonging to one or more datagram types, 

4 wherein said datagram is adapted to carry (i) content data for network transmission 
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5 and (ii) other information for managing and controlling network connections and 

6 support network applications, wherein each datagram type comprises a plurality of 

7 functions, and wherein said parser is adapted to parse the one or more datagram 

8 types. 

1 25. The system of claim 24, wherein said datagram schema comprises at 

2 least one major datagram type and within said one major datagram type, at least 

3 one minor datagram type. 

1 26. The system of claim 25, wherein the parser is adapted to parse a 

2 matrix of datagram types, said matrix comprising a first multiplicity of major 

3 datagram types and in each major datagram type of said first multiplicity, a second 

4 multiplicity of minor datagram types. 

1 27. The system of claim 26, wherein the major datagram type is selected 

2 from the group consisting of (i) the server messages and connection control 

3 datagram, adapted to authenticate and control user connections, (ii) the content 

4 datagram, adapted to transmit the content data, (iii) the broadcast datagram, 

5 adapted to manage point-to-point, point-to-multipoint, and multipoint-to- 

6 multipoint data transmission, (iv) the connection proxy datagram, adapted to pass 

7 proxy data between the network server and the intelligent data carrier, (v) the 

8 instant message type, adapted to transmit messages in real-time, (vi) the large 

9 content transfer datagram, adapted to transfer oversized data and media files, (vii) 

10 the user directory datagram, adapted to search for network users, and (viii) the 

1 1 remote management datagram, adapted to remotely control network users. 

1 28. The system of claim 27, wherein the server messages and connection 

2 control datagram comprises at least one of minor datagram types: (i) the 

3 authentication request datagram, adapted to initiate an authentication request, (ii) 

4 the authentication reply datagram, adapted to send a response upon a request of 
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5 authentication, and (iii) the authentication result datagram, adapted to send the 

6 result of an authentication session. 



1 29. The system of claim 28, wherein the content datagram comprises at 

2 least one of minor datagram types: (i) the normal content datagram, adapted to 

3 transmit the content data, (ii) the remote logging datagram, adapted to 

4 communicate with the network server and establish a login session, and (iii) the 

5 remote data collector datagram, adapted to transmit data from a remote 

6 connection. 

1 30. The system of claim 29, wherein the content datagram further 

2 comprises at least one of minor datagram types: (iv) the content approval request 

3 datagram, adapted to request verification of the content data transmitted, and (v) 

4 the content approval reply datagram, adapted to respond to a request of 

5 verification of the content data transmitted. 

1 31. The system of claim 27, wherein the connection proxy datagram 

2 comprises at least one of minor datagram types: (i) proxy data to server, adapted to 

3 pass proxy data to the network server from the intelligent data carrier, and (ii) 

4 proxy data from server, adapted to pass the proxy data from the network server to 

5 the intelligent data carrier. 

1 32. The system of claim 27, wherein the instant message type comprises 

2 at least one of minor datagram types: (i) the file transmission type, (ii) the audio- 

3 video transmission type, (iii) the instant mail message type, and (iv) the remote 

4 data collection type. 

1 33. The system of claim 24, wherein each datagram in the datagram 

2 schema has a generic layout comprising: 

3 (A) header fields for (i) one or more major datagram types, (ii) one or more 

4 minor datagram type, (ii) the datagram length, and (iii) a datagram checksum, and 
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5 (B) a datagram pay load for carrying data in transmission. 

1 34. The system of claim 33, wherein the generic layout comprises one or 

2 more additional header fields. 

1 35. The system of claim 33, wherein the generic layout follows a TCP 

2 header. 

1 36. The system of claim 1, wherein the intelligent data carrier further 

2 comprises a radar connector, wherein the radar connector interfaces the network 

3 and is adapted to monitor and control network connections. 

1 37. The system of claim 36, wherein the network server further 

2 comprises a radar connector adapted to monitor and control network connections, 

3 wherein the radar connector of the network server is connected to the radar 

4 connector of the intelligent data carrier over the network. 

1 38. The system of claim 37, wherein said radar connector is further 

2 adapted to detect lost connections and initialize contact to the network server 

3 thereby reestablishing connections. 

1 39. The system of claim 1 , further comprising an injector, adapted to 

2 connect an existing networks to the network server and transmit data between said 

3 existing network and the intelligent data carrier via the network server, wherein 

4 said existing network is wired or wireless. 

1 40. The system of claim 39, wherein the injector further comprises a 

2 radar connector, interfacing the network and adapted to monitor and control 

3 network connections. 

l 41. A client-server communication system, comprising: 
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2 at least one server, comprising a dynamic datagram switch for dynamic 

3 allocation and swapping of datagrams for a multiplicity of network applications; 

4 and 

5 at least one client, wherein the client is an intelligent data carrier, 



6 comprising at least (i) one memory, adapted to store data, (ii) one input-output 

7 apparatus, adapted to input and output data, and (iii) one processor, adapted to 

8 process the data stored in said memory, wjierein said intelligent data carrier is 

9 capable of connecting to a host computer device thereby transmitting data via said 

10 input-output apparatus over the network, and wherein said intelligent data carrier 

1 1 is adapted to establish a network user identity through an authentication and 

12 encryption scheme for secure data transmission between said server and said 

13 client. 



1 42. The client-server communication system of claim 41, wherein the 

2 intelligent data carrier is mobile. 

1 43. The client-server communication system of claim 42, wherein said 

2 intelligent data carrier is implemented with one of USB key, Compact Flash, 

3 Smart Media, Compact Disk, DVD, PDA, firewire device, and token device. 

l 44. The client-server communication system of claim 41, wherein said 



2 dynamic datagram switch comprises a datagram schema and a parser, wherein said 

3 datagram schema comprises two or more datagrams, belonging to one or more 

4 datagram types, wherein said datagram is adapted to carry (i) content data for 

5 network transmission and (ii) other information for managing and controlling 

6 network connections and support network applications, wherein each datagram 

7 type comprises a plurality of functions, and wherein said parser is adapted to parse 

8 the one or more datagram types. 
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1 45. The client-server communication system of claim 44, wherein said 

2 datagram schema comprises at least one major datagram type and within said one 

3 major datagram type, at least one minor datagram type. 

1 46. The client-server communication system of claim 45, wherein the 

2 parser is adapted to parse a matrix of datagram types, said matrix comprising a 

3 first multiplicity of major datagram types and in each major datagram type of said 

4 first multiplicity, a second multiplicity of minor datagram types. 

1 47. The client-server communication system of claim 46, wherein each 

2 datagram in the datagram schema has a generic layout comprising: 

3 (A) header fields for (i) one or more major datagram types, (ii) one or more 

4 minor datagram type, (ii) the datagram length, and (iii) a datagram checksum, and 

5 (B) a datagram payload for carrying data in transmission. 

1 48. The client-server communication system of claim 41, wherein said 

2 authentication and encryption scheme comprises the following sequential steps: 

3 (a) . a request being caused to forward from the intelligent data carrier to 

4 the server that the client be authenticated; 

5 (b) the network server presenting to the intelligent data carrier a 

6 plurality of authentication methods; 

7 (c) the intelligent data carrier selecting one authentication method from 

8 said plurality through an event; 

9 (d) the server sending the intelligent data carrier a demand, based on 
10 said selected method, for authentication data from the intelligent data carrier; 
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1 1 (e) the server transforming said authentication data received from the 

12 intelligent data carrier into one or more data authentication objects, wherein each 

13 said data authentication object is a data vector object, capable of being analyzed 

14 using one or more classifiers; 

15 (f) the server analyzing said data authentication objects, according to 

16 said one or more classifiers, thereby determining the result of the authentication; 

17 and 

18 (g) the server sending said result to the intelligent data carrier, indicating 

19 a successful or failed authentication attempt. 

1 49. The client-server communication system of claim 48, wherein said 

2 event in step (c) comprises at least one of a click of a mouse, a touch on a screen, a 

3 keystroke, an utterance, and a biometric measurement. 

1 50. The client-server communication system of claim 49, wherein said 

2 demand in step (d) comprises at least one of a pseudo random and a true random 

3 code, wherein a pseudo random code is generated based on a mathematically pre- 

4 calculated list, and wherein a true random code is generated by sampling and 

5 processing a source of entropy outside of the system. 

1 51. The client-server communication system of claim 50, wherein said 

2 randomization is performed with one or more random generators and one or more 

3 independent seeds. 

1 52. The client-server communication system of claim 48, wherein said 

2 analyzing in step (f) is performed based on one or more analysis rules. 

1 53. The client-server communication system of claim 49, wherein said 

2 one or more analysis rule comprises classification according to the one or more 

3 classifiers of step (e). 



86 



1 54. The client-server communication system of claim 53, wherein said 

2 classification comprises speaker verification, wherein the data object vectors 

3 involve two classes, the target speaker and the impostor, wherein each class is 

4 characterized by a probability density function, and wherein the determining in 

5 step (f) is a binary decision problem. 

1 55. The client-server communication system of claim 48, wherein said 

2 determining in step (f) comprises computing at least one of the sum, superiority, 

3 and probability from said one or more data vector objects, based on the one or 

4 more classifiers of step (e). 

1 56. The client-server communication system of claim 56, wherein the 

2 sum is one of a superior and a random sum computed from the one or more data 

3 vector objects. 

1 57. The client-server communication system of claim 48, wherein said 

2 one or more classifiers in step (e) comprise a super classifier derived from the 

3 more than one data vector objects. 

1 58. The client-server communication system of claim 57, wherein said 

2 super classifier is based on physical biometrics, comprising at least one of voice 

3 recognition, fingerprints, handprints, blood vessel patterns, DNA tests, retinal or 

4 iris scan, and face recognition. 

1 59. The client-server communication system of claim 57, wherein said 

2 super classifier is based on performance biometrics, comprising habits or patterns 

3 of individual behaviors. 

1 60. The client-server communication system of claim 41, wherein said 

2 authentication and encryption scheme comprises symmetrical and asymmetrical 

3 multi-cipher encryption. 
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1 61. The client-server communication system of claim 4 1 , wherein said 

2 encryption uses at least one of output feedback, cipher feedback, cipher 

3 forwarding, and cipher block chaining. 

1 62. The client-server communication system of claim 61 , wherein the 

2 encryption is based on Advanced Encryption Standard (AES) Rijndael. 

1 63. The client-server communication system of claim 41, wherein said 

2 authentication and encryption scheme implements Secure Key Exchange (SKE). 

1 64. The client-server communication system of claim 63, wherein SKE 

2 employs a public key system. 

1 65. The client-server communication system of claim 63, wherein SKE 

2 employs Elliptic Curve Cryptosystem (ECC) private keys. 

l 66. The client-server communication system of claim 65, wherein the 



2 authentication and encryption scheme comprises at least one of a logic test adapted 

3 to validate that the intelligent data carrier has been registered with the server, a 

4 device test adapted to validate the physical parameters at the intelligent data 

5 carrier and the host computer device, and a personal test adapted to authenticate 

6 the user based on event-level data. 



1 67. The client-server communication system of claim 4 1 , further 

2 comprising an injector, adapted to connect an existing network to the server and 

3 transmit data between the existing networks and the client via the server, wherein 

4 the existing network is wired or wireless. 

1 68. The client-server communication system of claim 67, wherein the 

2 server, client, and injector each comprises a radar connector, wherein the radar 

3 connector interfaces the network and is adapted to monitor and control network 

4 connections, wherein the radar connector of the client is connected to the radar 
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5 connector of the server over the network, and wherein the radar connector of the 

6 injector is connected to the radar connector of the server over the network. 

1 69. The client-server communication system of claim 68, wherein the 

2 radar connector of the client is further adapted to detect lost connections and 

3 initialize contact to the server thereby reestablishing connections. 

1 70. The client-server communication system of claim 41, wherein the 

2 server further comprises an encrypted virtual file system for dedicated data storage 

3 for the client. 

l 7 1 . An intelligent data carrier, comprising at least (i) one memory, 



2 adapted to store data, (ii) one input-output apparatus, adapted to input and output 

3 data, and (iii) one processor, adapted to process the data stored in said memory, 

4 wherein the intelligent data carrier is capable of connecting to a host computer 

5 device on a network thereby transmitting data via said input-output apparatus over 

6 the network, wherein the data transmission is through dynamically-switched 

7 datagrams, wherein the intelligent data carrier is adapted to establish a network 

8 user identity through an authentication and encryption scheme for secure network 

9 data transmission. 



10 72. The intelligent data carrier of claim 71, wherein said authentication 

1 1 and encryption scheme comprises the following sequential steps: 

12 (a) a request being caused to forward from the intelligent data carrier to 

13 a server on the network that the intelligent data carrier be authenticated; 

14 (b) the server presenting to the intelligent data carrier a plurality of 

1 5 authentication methods ; 

16 (c) the intelligent data carrier selecting one authentication method from 

17 said plurality through an event; 
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18 (d) the server sending the intelligent data carrier a demand, based on 

19 said selected method, for authentication data from the intelligent data carrier; 

20 (e) the server transforming said authentication data received from the 

21 intelligent data carrier into one or more data authentication objects, wherein each 

22 said data authentication object is a data vector object, capable of being analyzed 

23 using one or more classifiers; 

24 (f) the server analyzing said data authentication objects, according to 

25 said one or more classifiers, thereby determining the result of the authentication; 

26 and 

27 (g) the server sending said result to the intelligent data carrier, indicating 

28 a successful or failed authentication attempt. 

1 73. The intelligent data carrier of claim 72, wherein said event in step (c) 

2 comprises at least one of a click of a mouse, a touch on a screen, a keystroke, an 

3 utterance, and a biometric measurement. 



1 74. The intelligent data carrier of claim 72, wherein said demand in step 

2 (d) comprises at least one of a pseudo random and a true random code, wherein a 

3 pseudo random code is generated based on a mathematically pre-calculated list, 

4 and wherein a true random code is generated by sampling and processing a source 

5 of entropy outside of the system. 

1 75. The intelligent data carrier of claim 74, wherein said randomization 

2 is performed with one or more random generators and one or more independent 

3 seeds. 

1 76. The intelligent data carrier of claim 72, wherein said analyzing in 

2 step (f) is performed based on one or more analysis rules. 
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1 77. The intelligent data carrier of claim 76, wherein said one or more 

2 analysis rule comprises classification according to the one or more classifiers of 

3 step (e). 

1 78. The intelligent data carrier of claim 77, wherein said classification 

2 comprises speaker verification, wherein the data object vectors involve two 

3 classes, the target speaker and the impostor, wherein each class is characterized by 

4 a probability density function, and wherein the determining in step (f) is a binary 

5 decision problem. 

1 79. The intelligent data carrier of claim 72, wherein said determining in 

2 step (f) comprises computing at least one of the sum, superiority, and probability 

3 from said one or more data vector objects, based on the one or more classifiers of 

4 step (e). 

1 80. The intelligent data carrier of claim 79, wherein the sum is one of a 

2 superior and a random sum computed from the one or more data vector objects. 

1 81 . The intelligent data carrier of claim 72, wherein said one or more 

2 classifiers in step (e) comprise a super classifier derived from the more than one 

3 data vector obj ects . 

1 82. The intelligent data carrier of claim 81, wherein said super classifier 

2 is based on physical biometrics, comprising at least one of voice recognition, 

3 fingerprints, handprints, blood vessel patterns, DNA tests, retinal or iris scan, and 

4 face recognition. 

1 83. The intelligent data carrier of claim 81, wherein said super classifier 

2 is based on performance biometrics, comprising habits or patterns of individual 

3 behaviors. 
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1 84. The intelligent data carrier of claim 7 1 , wherein said authentication 

2 and encryption scheme comprises symmetrical and asymmetrical multi-cipher 

3 encryption. 

1 85. The intelligent data carrier of claim 84, wherein said encryption uses 

2 at least one of output feedback, cipher feedback, cipher forwarding, and cipher 

3 block chaining. 

1 86. The intelligent data carrier of claim 85, wherein the encryption is 

2 based on Advanced Encryption Standard (AES) Rijndael. 

1 . 87. The intelligent data carrier of claim 71, wherein said authentication 

2 and encryption scheme implements Secure Key Exchange (SKE). 

1 88. The intelligent data carrier of claim 87, wherein SKE employs a 

2 public key system. 

1 89. The intelligent data carrier of claim 87, wherein SKE employs 

2 Elliptic Curve Cryptosystem (ECC) private keys. 

l 90. The intelligent data carrier of claim 7 1 , wherein the authentication 



2 and encryption scheme comprises at least one of a logic test adapted to validate 

3 that the intelligent data carrier has been registered with the server, a device test 

4 adapted to validate the physical parameters at the intelligent data carrier and the 

5 host computer device, and a personal test adapted to authenticate the user based on 

6 event-level data. 

1 91. The intelligent data carrier of claim 7 1 , said intelligent data carrier 

2 being mobile. 
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1 92. The intelligent data carrier of claim 91, said intelligent data carrier is 

2 implemented with one of USB keys, Compact Flash, Smart Media, Compact 

3 Disks, DVDs, PDAs, firewire devices, and token devices. 



1 93. The intelligent data carrier of claim 7 1 , wherein the dynamically- 

2 switched datagrams belong to one or more datagram types and are adapted to carry 

3 (i) content data for network transmission and (ii) other information for managing 

4 and controlling network connections and supporting network applications, wherein 

5 each datagram type comprises a plurality of functions. 

1 94. The intelligent data carrier of claim 93, wherein the datagram types 

2 comprise at least one major datagram type and within the major datagram type, at 

3 least one minor datagram type. 

1 95. The intelligent data carrier of claim 94, wherein the datagrams 

2 conform to a generic layout, said generic layout comprising: 

3 (A) header fields for (i) one or more major datagram types, (ii) one or more 

4 minor datagram type, (ii) the datagram length, and (iii) a datagram checksum, and 

5 (B) a datagram pay load for carrying data in transmission. 

1 96. A method for secure network communication, comprising: 

2 issuing to a network user an intelligent data carrier, wherein the intelligent 

3 data carrier comprises at least (i) one memory, adapted to store data, (ii) one input- 

4 output apparatus, adapted to input and output data, and (iii) one processor, adapted 

5 to process the data stored in said memory, wherein the intelligent data carrier is 

6 capable of connecting to a host computer device on the network thereby 

7 transmitting data via said input-output apparatus over the network, wherein the 

8 intelligent data carrier is adapted to establish a network identity for the network 

9 user through an authentication and encryption scheme; and 
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10 providing a dynamic datagram switch in a server on the network for 

1 1 dynamic allocation and swapping of datagrams in support of a multiplicity of 

12 applications. 

1 97. The method of claim 96, wherein the intelligent data carrier is 

2 mobile. 

1 98. The method of claim 97, wherein said intelligent data carrier is 

2 implemented with one of USB key, Compact Flash, Smart Media, Compact Disk, 

3 DVD, PDA, firewire device, and token device. 

i 99. The method of claim 96, wherein the dynamic datagram switch 



2 comprises a datagram schema and a parser, wherein the datagram schema 

3 comprises two or more datagrams, belonging to one or more datagram types, 

4 wherein the datagram is adapted to carry (i) content data for network transmission 

5 and (ii) other information for managing and controlling network connections and 

6 support network applications, wherein the datagram type comprises a plurality of 

7 functions, and wherein the parser is adapted to parse the one or more datagram 

8 types. 



1 100. The method of claim 99, wherein the datagram schema comprises at 

2 least one major datagram type and within said major datagram type, at least one 

3 minor datagram type. 

1 101. The method of claim 1 00, wherein the parser is adapted to parse a 

2 matrix of datagram types, said matrix comprising a first multiplicity of major 

3 datagram types and in each major datagram type of said first multiplicity, a second 

4 multiplicity of minor datagram types. 

1 102. The method of claim 99, wherein each datagram in the datagram 

2 schema has a generic layout comprising: 
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3 (A) header fields for (i) one or more major datagram types, (ii) one or more 

4 minor datagram type, (ii) the datagram length, and (iii) a datagram checksum, and 

5 (B) a datagram payload for carrying data in transmission. 

1 103. The method of claim 96, wherein the authentication and encryption 

2 scheme comprises the following sequential steps: 

3 (a) a request being caused to forward from the intelligent data carrier to 

4 the server that the intelligent data carrier be authenticated; 

5 (b) the server presenting to the intelligent data carrier a plurality of 

6 authentication methods; 

7 (c) the intelligent data carrier selecting one authentication method from 

8 said plurality through an event; 

9 (d) the server sending the intelligent data carrier a demand, based on 

10 said selected method, for authentication data from the intelligent data carrier; 

1 1 (e) the server transforming said authentication data received from the 

12 intelligent data carrier into one or more data authentication objects, wherein each 

13 said data authentication object is a data vector object, capable of being analyzed 

14 using one or more classifiers; 

15 (f) the server analyzing said data authentication objects, according to 

16 said one or more classifiers, thereby determining the result of the authentication; 

17 and 

18 (g) the server sending said result to the intelligent data carrier, indicating 

19 a successful or failed authentication attempt. 
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1 104. The method of claim 103, wherein said event in step (c) comprises at 

2 least one of a click of a mouse, a touch on a screen, a keystroke, an utterance, and 

3 a biometric measurement. 

1 105. The method of claim 103, wherein said demand in step (d) 

2 comprises at least one of a pseudo random and a true random code, wherein a 

3 pseudo random code is generated based on a mathematically pre-calculated list, 

4 and wherein a true random code is generated by sampling and processing a source 

5 of entropy outside of the system. 

1 106. The method of claim 104, wherein said randomization is performed 

2 with one or more random generators and one or more independent seeds. 

1 107. The method of claim 103, wherein said analyzing in step (f) is 

2 performed based on one or more analysis rules. 

1 108. The method of claim 107, wherein said one or more analysis rule 

2 comprises classification according to the one or more classifiers of step (e). 

l 109. The method of claim 108, wherein said classification comprises 



2 speaker verification, wherein the data object vectors involve two classes, the target 

3 speaker and the impostor, wherein each class is characterized by a probability 

4 density function, and wherein the determining in step (f) is a binary decision 

5 problem. 



1 110. The method of claim 103, wherein said determining in step (f) 

2 comprises computing at least one of the sum, superiority, and probability from 

3 said one or more data vector objects, based on the one or more classifiers of step 

4 (e). 

1 111. The method of claim 1 10, wherein the sum is one of a superior and a 

2 random sum computed from the one or more data vector objects. 
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1 1 12. The method of claim 103, wherein said one or more classifiers in 

2 step (e) comprise a super classifier derived from the more than one data vector 

3 objects. 

1 113. The method of claim 1 12, wherein said super classifier is based on 

2 physical biometrics, comprising at least one of voice recognition, fingerprints, 

3 handprints, blood vessel patterns, DNA tests, retinal or iris scan, and face 

4 recognition. 

1 114. The method of claim 1 12, wherein said super classifier is based on 

2 performance biometrics, comprising habits or patterns of individual behaviors. 

1 115. The method of claim 96, wherein said authentication and encryption 

2 scheme comprises symmetrical and asymmetrical multi-cipher encryption. 

1 116. The method of claim 1 1 5, wherein said encryption uses at least one 

2 of output feedback, cipher feedback, cipher forwarding, and cipher block chaining. 

1 117. The method of claim 1 16, wherein the encryption is based on 

2 Advanced Encryption Standard (AES) Rijndael. 

1 118. The method of claim 96, wherein said authentication and encryption 

2 scheme implements Secure Key Exchange (SKE). 

1 119. The method of claim 1 18, wherein SKE employs a public key 

2 system. 

1 120. The method of claim 118, wherein SKE employs Elliptic Curve 

2 Cryptosystem (ECC) private keys. 

1 121 . The method of claim 96, wherein the authentication and encryption 

2 scheme comprises at least one of a logic test adapted to validate that the intelligent 

3 data carrier has been registered with the server, a device test adapted to validate 
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4 the physical parameters at the intelligent data carrier and the host computer device, 

5 and a personal test adapted to authenticate the user based on event-level data. 

1 122. The method of claim 96, further comprising providing a first radar 

2 connector in the intelligent data carrier and a second radar connector in the server, 

3 wherein the first radar connector is adapted to connected to the second radar 

4 connector over the network, wherein the first and the second radar connector are 

5 adapted to monitor and control network connections. 

1 123. The method of claim 122, wherein the first radar connector is further 

2 adapted to detect lost connections and initialize contact to the second radar 

3 connector thereby reestablishing connections. 

1 124. The method of claim 96, further comprising providing an encrypted 

2 virtual file system in the server for dedicated data storage for the client. 

1 125. The method of claim 96, wherein the dynamic datagram switch 

2 performs datagram allocation and swapping in real time. 

1 126. The method of claim 96, wherein the dynamic datagram switch 

2 performs datagram allocation and swapping based on memory pointers of two or 

3 more datagrams. 

1 127. A method for target delivery of one or more applications to a user, 

2 comprising: 

3 issuing the user an intelligent data carrier, adapted to dock onto a host 

4 computer device that is connected to a network on which a network server sits and 

5 communicate with the network server over the network, wherein the network 

6 server communicates with the intelligent data carrier through dynamically- 

7 switched datagrams, wherein the intelligent data carrier comprises at least (i) one 

8 memory, adapted to store data, (ii) one input-output apparatus, adapted to input 
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10 



and output data, and (iii) one processor, adapted to process the data stored in said 
memory; 



1 1 the server authenticating the user through an authentication and encryption 

12 scheme; and 

13 granting the user access to the one or more applications upon successful 

14 authentication. 

1 128. The method of claim 127, wherein said one or more applications are 

2 preloaded on the intelligent data carrier or installed on the network server or the 

3 host computer device. 

1 129. The method of claim 128, wherein the host computer device is 

2 connected to the network via wired or wireless means. 

l 130. The method of claim 128, wherein the host computer device 



2 comprises at least one of a desktop or laptop computer, a personal digital assistant 

3 (PDA), a mobile phone, a digital TV, an audio or video player, a computer game 

4 consol, a digital camera, a camera phone, and a network-enabled domestic 

5 appliance. 



6 131. The method of claim 130, wherein the network-enabled domestic 

7 appliance is one of a network-enabled refrigerator, microwave, washer, dryer, and 

8 dishwasher. 

1 132. The method of claim 127, wherein said one or more applications 

2 comprise at least one of window-based remote terminal server applications, 

3 applications on 3270/5250 terminal emulators for mainframe, directly embedded 

4 applications, and multimedia applications, wherein the directly embedded 

5 applications comprise at least one of database applications, data analysis tools, 
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6 Customer Relation Management (CRM) tools, and Enterprise Resource Planning 

7 (ERP) packages. 

1 133. The method of claim 127, wherein said intelligent data carrier is 

2 mobile. 

1 134. The method of claim 127, wherein said intelligent data carrier is 

2 implemented with one of USB key, Compact Flash, Smart Media, Compact Disk, 

3 DVD, PDA, firewire device, and token device. 

l 135. The method of claim 127, wherein the dynamically switched 



2 datagrams belong to one or more datagram types and adapted to carry (i) content 

3 data for network transmission and (ii) other information for managing and 

4 controlling network connections and support network applications, wherein the 

5 datagram type comprises a plurality of functions. 



1 136. The method of claim 135, wherein the datagram types comprises at 

2 least one major datagram type and within the major datagram type, at least one 

3 minor datagram type. 

l 137. The method of claim 136, wherein the datagrams conform to a 



2 generic layout that comprises: (A) header fields for (i) one or more major 

3 datagram types, (ii) one or more minor datagram type, (ii) the datagram length, 

4 and (iii) a datagram checksum, and (B) a datagram payload for carrying data in 

5 transmission. 



1 138. The method of claim 127, wherein the authentication and encryption 

2 scheme comprises the following sequential steps: 

3 (a) a request being caused to forward from the intelligent data carrier to 

4 the server that the intelligent data carrier be authenticated; 
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5 (b) the server presenting to the intelligent data carrier a plurality of 

6 authentication methods; 

7 (c) the intelligent data carrier selecting one authentication method from 

8 said plurality through an event; 

9 (d) the server sending the intelligent data carrier a demand, based on 

10 said selected method, for authentication data from the intelligent data carrier; 

1 1 (e) the server transforming said authentication data received from the 

12 intelligent data carrier into one or more data authentication objects, wherein each 

13 said data authentication object is a data vector object, capable of being analyzed 

14 using one or more classifiers; 

15 (f) the server analyzing said data authentication objects, according to 

16 said one or more classifiers, thereby determining the result of the authentication; 

17 and 

18 (g) the server sending said result to the intelligent data carrier, indicating 

19 a successful or failed authentication attempt. 

1 139. The method of claim 138, wherein said event in step (c) comprises at 

2 least one of a click of a mouse, a touch on a screen, a keystroke, an utterance, and 

3 a biometric measurement. 

1 140. The method of claim 138, wherein said demand in step (d) 

2 comprises at least one of a pseudo random and a true random code, wherein a 

3 pseudo random code is generated based on a mathematically pre-calculated list, 

4 and wherein a true random code is generated by sampling and processing a source 

5 of entropy outside of the system. 
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1 141 . The method of claim 140, wherein said randomization is performed 

2 with one or more random generators and one or more independent seeds. 



1 142. The method of claim 138, wherein said analyzing in step (f) is 

2 performed based on one or more analysis rules. 

1 143. The method of claim 142, wherein said one or more analysis rule 

2 comprises classification according to the one or more classifiers of step (e). 

1 144. The method of claim 143, wherein said classification comprises 

2 speaker verification, wherein the data object vectors involve two classes, the target 

3 speaker and the impostor, wherein each class is characterized by a probability 

4 density function, and wherein the determining in step (f) is a binary decision 

5 problem. 

1 145. The method of claim 138, wherein said determining in step (f) 

2 comprises computing at least one of the sum, superiority, and probability from 

3 said one or more data vector objects, based on the one or more classifiers of step 

4 (e). 

1 146. The method of claim 145, wherein the sum is one of a superior and a 

2 random sum computed from the one or more data vector objects. 

1 147. The method of claim 138, wherein said one or more classifiers in 

2 step (e) comprise a super classifier derived from the more than one data vector 

3 objects. 

1 148. The method of claim 147, wherein said super classifier is based on 

2 physical biometrics, comprising at least one of voice recognition, fingerprints, 

3 handprints, blood vessel patterns, DNA tests, retinal or iris scan, and face 

4 recognition. 
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1 149. The method of claim 147, wherein said super classifier is based on 

2 performance biometrics, comprising habits or patterns of individual behaviors. 

1 150. The method of claim 1 27, wherein said authentication and 

2 encryption scheme comprises symmetrical and asymmetrical multi-cipher 

3 encryption. 

1 151. The method of claim 150, wherein said encryption uses at least one 

2 of output feedback, cipher feedback, cipher forwarding, and cipher block chaining. 

1 152. The method of claim 151, wherein the encryption is based on 

2 Advanced Encryption Standard (AES) Rijndael. 

1 153. The method of claim 127, wherein said authentication and 

2 encryption scheme implements Secure Key Exchange (SKE). 

1 1 54. The method of claim 1 53, wherein SKE employs a public key 

2 system. 

1 155. The method of claim 153, wherein SKE employs Elliptic Curve 

2 Cryptosystem (ECC) private keys. 

l 156. The method of claim 127, wherein the authentication and encryption 



2 scheme comprises at least one of a logic test adapted to validate that the intelligent 

3 data carrier has been registered with the server, a device test adapted to validate 

4 the physical parameters at the intelligent data carrier and the host computer device, 

5 and a personal test adapted to authenticate the user based on event-level data. 

1 157. The method of claim 1 27, further comprising providing a first radar 

2 connector in the intelligent data carrier and a second radar connector in the server, 

3 wherein the first radar connector is adapted to connected to the second radar 
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4 connector over the network, wherein the first and the second radar connector are 

5 adapted to monitor and control network connections. 

1 158. The method of claim 157, wherein the first radar connector is further 

2 adapted to detect lost connections and initialize contact to the second radar 

3 connector thereby reestablishing connections. 

1 159. The method of claim 127, further comprising providing an encrypted 

2 virtual file system in the server for dedicated data storage for the intelligent data 

3 carrier. 

1 160. The method of claim 127, wherein the datagrams are dynamically 

2 switched based on their memory pointers. 
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